diff --git a/redhat/ocp4/4.16/2024.12.azure.sso.without.group.sync.md b/redhat/ocp4/4.16/2024.12.azure.sso.without.group.sync.md index fd325ef7..2eaa7ec4 100644 --- a/redhat/ocp4/4.16/2024.12.azure.sso.without.group.sync.md +++ b/redhat/ocp4/4.16/2024.12.azure.sso.without.group.sync.md @@ -124,6 +124,9 @@ Then, go to `app registration` -> `manifest`, backup existed manifest, and make > [!NOTE] > remember to backup the manifest before you make any changes. +Reference: +- https://github.com/MicrosoftDocs/entra-docs/blob/main/docs/identity/hybrid/connect/how-to-connect-fed-group-claims.md#configure-the-microsoft-entra-application-registration-for-group-attributes + ![](imgs/2024.12.azure.sso.without.group.sync.md/2024-12-20-22-19-48.png) @@ -484,6 +487,35 @@ You can see 2 groups synced, which is l1.u01 belongs to. ![](imgs/2024.12.azure.sso.md/2024-12-19-22-26-30.png) --> +# show me the code + +In openshift oauth-server code, we can see openid related code +- https://github.com/openshift/oauth-server/blob/release-4.16/pkg/oauth/external/openid/openid.go +```go +...... +type Config struct { + ClientID string + ClientSecret string + + Scopes []string + + ExtraAuthorizeParameters map[string]string + + AuthorizeURL string + TokenURL string + UserInfoURL string + + IDClaims []string + PreferredUsernameClaims []string + EmailClaims []string + NameClaims []string + GroupClaims []string + + IDTokenValidator TokenValidator +} +...... +``` + # end
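Review bot: The link added under `Reference:` in the first hunk (`@@ -124,6 +124,9 @@`) targets the `main` branch of MicrosoftDocs/entra-docs together with a heading anchor, so it will silently stop resolving to the right section if that file is renamed or the heading is reworded. Pin it to a commit permalink instead of `blob/main`, and add a short phrase after `Reference:` saying which part of the manifest edit the linked section documents, so a reader changing an app registration manifest knows what to verify against it.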
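Review bot: The new `# show me the code` section in the second hunk (`@@ -484,6 +487,35 @@`) quotes the whole `Config` struct between `......` markers, but the only prose is "we can see openid related code", which never says which field the reader should look at. Since the document is about groups arriving through SSO without group sync, name the field the walkthrough depends on (presumably `GroupClaims []string`, next to `IDClaims` and `PreferredUsernameClaims`) and state in one sentence how it relates to the group claim configured in the Azure manifest earlier in the file. The link is tied to `release-4.16`, which matches the document's version directory; keep that. A blank line between the link bullet and the opening code fence would also keep the list and the code block visually separate in renderers.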